General

  • Target

    2024-11-11_278f0348072952e52fde5c52d719e275_smoke-loader_wapomi

  • Size

    80KB

  • Sample

    241111-kamkqawhpd

  • MD5

    278f0348072952e52fde5c52d719e275

  • SHA1

    677b1078d05072484732571eb146ebf336eaa8b3

  • SHA256

    3f01f366567ed8b73ea1ba5d0d275d515a265123896d3d1ceaae8be169146171

  • SHA512

    1bece47e48b8777d95ece9a797abd770acc6ab669779695936ba04bb4d8d56907da17ab3622cfc8715d78a11fdf7d2548d0f0b5ea33929753d7ce0c84d589487

  • SSDEEP

    1536:fHB0UxMkzOt7HcvJGt5AdHIOWnToIf12ZkxGCq2iW7z:fhAWJGSCTBf12ZYGCH

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-11_278f0348072952e52fde5c52d719e275_smoke-loader_wapomi

    • Size

      80KB

    • MD5

      278f0348072952e52fde5c52d719e275

    • SHA1

      677b1078d05072484732571eb146ebf336eaa8b3

    • SHA256

      3f01f366567ed8b73ea1ba5d0d275d515a265123896d3d1ceaae8be169146171

    • SHA512

      1bece47e48b8777d95ece9a797abd770acc6ab669779695936ba04bb4d8d56907da17ab3622cfc8715d78a11fdf7d2548d0f0b5ea33929753d7ce0c84d589487

    • SSDEEP

      1536:fHB0UxMkzOt7HcvJGt5AdHIOWnToIf12ZkxGCq2iW7z:fhAWJGSCTBf12ZYGCH

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks